| 发明名称 |
Identifying Security Boundaries on Computing Devices |
| 摘要 |
During booting of a computing device, multiple security boundaries are generated. A security boundary refers to a manner of operation of a computing device or a portion of the computing device, with a program executing in one security boundary being prohibited from accessing data and programs in another security boundary. As part of booting the computing device measurements of (e.g., hash values or other identifications of) various modules loaded and executed as part of booting the computing device are maintained by a boot measurement system of the computing device. Additionally, as part of booting the computing device, a public/private key pair of one of the security boundaries is generated or otherwise obtained. The private key of the public/private key pair is provided to the one security boundary, and the public key of the public/private key pair is provided to the boot measurement system. |
| 申请公布号 |
US2016105280(A1) |
申请公布日期 |
2016.04.14 |
| 申请号 |
US201514614132 |
申请日期 |
2015.02.04 |
| 申请人 |
Microsoft Technology Licensing, LLC. |
发明人 |
Kinshumann Kinshuman;Samsonov Yevgeniy A.;Ferguson Niels T.;Novak Mark Fishel |
| 分类号 |
H04L9/08;H04L9/32 |
主分类号 |
H04L9/08 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method implemented in a computing device, the method comprising:
obtaining, during booting of the computing device having multiple security boundaries, a public/private key pair for a first security boundary of the multiple security boundaries, data of the first security boundary being inaccessible to programs in a second security boundary of the multiple security boundaries; providing a private key of the public/private key pair to an operating system module of the first security boundary; and providing a public key of the public/private key pair to a boot measurement system of the computing device that includes a secure cryptoprocessor. |
| 地址 |
Redmond WA US |
